# Customer Portal Stack für Coolify/Hetzner
# ==========================================
#
# Kundenportal mit Video-Zugang und Buchungsuebersicht
#
# Required Environment Variables:
# - PORTAL_DOMAIN (z.B. portal.islandpferde-melanieworbs.de)
# - DB_PASSWORD (PostgreSQL Passwort)
# - SECRET_KEY (Flask Secret Key)
# - WP_API_URL (WordPress REST API URL)
# - WP_API_SECRET (WordPress API Secret)

services:
  # ===================
  # Flask Portal App
  # ===================
  portal:
    build:
      context: .
      dockerfile: Dockerfile.production
    container_name: ${PROJECT_NAME:-customer-portal}
    restart: unless-stopped
    environment:
      - FLASK_ENV=production
      - DATABASE_URL=postgresql://portal:${DB_PASSWORD}@portal-db:5432/customer_portal
      - SECRET_KEY=${SECRET_KEY}
      - PORTAL_URL=https://${PORTAL_DOMAIN}
      # WordPress API
      - WP_API_URL=${WP_API_URL:-https://kurse.islandpferde-melanieworbs.de/wp-json}
      - WP_API_SECRET=${WP_API_SECRET}
      # Video API
      - VIDEO_API_URL=${VIDEO_API_URL:-https://videos.islandpferde-melanieworbs.de}
      - VIDEO_API_KEY=${VIDEO_API_KEY}
      # Email (SMTP)
      - MAIL_SERVER=${MAIL_SERVER:-smtp.gmail.com}
      - MAIL_PORT=${MAIL_PORT:-587}
      - MAIL_USE_TLS=${MAIL_USE_TLS:-true}
      - MAIL_USERNAME=${MAIL_USERNAME}
      - MAIL_PASSWORD=${MAIL_PASSWORD}
      - MAIL_DEFAULT_SENDER=${MAIL_DEFAULT_SENDER:-noreply@islandpferde-melanieworbs.de}
    depends_on:
      portal-db:
        condition: service_healthy
    networks:
      - internal
      - coolify
    labels:
      - "traefik.enable=true"
      # HTTPS Router
      - "traefik.http.routers.${PROJECT_NAME:-customer-portal}.rule=Host(`${PORTAL_DOMAIN}`)"
      - "traefik.http.routers.${PROJECT_NAME:-customer-portal}.entrypoints=https"
      - "traefik.http.routers.${PROJECT_NAME:-customer-portal}.tls=true"
      - "traefik.http.routers.${PROJECT_NAME:-customer-portal}.tls.certresolver=letsencrypt"
      - "traefik.http.services.${PROJECT_NAME:-customer-portal}.loadbalancer.server.port=8000"
      # HTTP zu HTTPS Redirect
      - "traefik.http.routers.${PROJECT_NAME:-customer-portal}-http.rule=Host(`${PORTAL_DOMAIN}`)"
      - "traefik.http.routers.${PROJECT_NAME:-customer-portal}-http.entrypoints=http"
      - "traefik.http.middlewares.${PROJECT_NAME:-customer-portal}-https.redirectscheme.scheme=https"
      - "traefik.http.routers.${PROJECT_NAME:-customer-portal}-http.middlewares=${PROJECT_NAME:-customer-portal}-https"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s

  # ===================
  # PostgreSQL Database
  # ===================
  portal-db:
    image: postgres:17-alpine
    container_name: ${PROJECT_NAME:-customer-portal}-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: portal
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_DB: customer_portal
    volumes:
      - portal_db_data:/var/lib/postgresql/data
    networks:
      - internal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U portal -d customer_portal"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

networks:
  internal:
    driver: bridge
  coolify:
    external: true

volumes:
  portal_db_data:
    name: ${PROJECT_NAME:-customer-portal}_db